Key sets manage Lightweight Third Party Authentication (LTPA) keys in a key store that is based on a key alias prefix. A key alias prefix is automatically generated when you generate a new key and store it in a key store. Key stores can contain multiple versions of keys for any given key alias prefix. You can specify a maximum number of active keys in the key set configuration.
Before you begin
You must know the name of the key set group and the management scope where the key set group is defined. The default key set group is CellLTPAKeySetGroup. Complete the following steps in the administrative console.
About this task
LTPA keys are used to encrypt the LTPA token. You might want to set a specific number of active keys that WebSphere® Application Server returns when the server queries for keys for a particular key set. The following steps are needed to complete this task in the administrative console.
Procedure
- Click Security > SSL certificate and key management > Manage endpoint security configurations.
- Expand the tree to the inbound or outbound management scope that contains the key set group, and then click the scope link.
- Under Related Items, click Key Sets.
- Click the key set that you want to modify.
- In the Maximum number of keys referenced field, type a numerical value for the maximum number of keys that you want to activate.
- Click OK and Save to save the changes to the master configuration.
- Start the server again for the changes to become active. WebSphere Application Server activates only the number of recent keys that you specified.
Results
The Maximum number of keys referenced value determines how many active keys are returned when the server queries for keys for the selected key set.
What to do next
You can click Active key history in the Key set panel to display the keys that are active for this key set.